Uploaded image for project: 'Spark'
  1. Spark
  2. SPARK-32495

Update jackson-databind versions to fix various vulnerabilities.

    XMLWordPrintableJSON

Details

    • Task
    • Status: Resolved
    • Major
    • Resolution: Won't Fix
    • 2.4.6
    • None
    • Spark Core
    • None

    Description

      As a vulnerability for Fasterxml Jackson version 2.6.7.3 is affected by CVE-2017-15095 and CVE-2018-5968 CVEs https://nvd.nist.gov/vuln/detail/CVE-2018-5968, Would it be possible to upgrade the jackson version for spark-2.4.6 and so on(2.4.x).

      Attachments

        Activity

          People

            Unassigned Unassigned
            sshukla05 SHOBHIT SHUKLA
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: